[Freeipa-users] Service accounts and groups
Martin Kosek
mkosek at redhat.com
Fri Feb 8 07:57:12 UTC 2013
On 02/07/2013 08:46 PM, Steven Jones wrote:
> Hi,
>
> I have had little to do with permissions until now so bear with me if the Qs are obviously stupid, probably not really IPA but a linux blind spot I have....anyway,
>
> So I have a service account with its group; this runs a database.
>
> So oracle with uid 2000 and gid 2000. I have some other users that need to be in the oracle user's group but I can't do that in IPA?
>
> So how do I get around that?
>
> Or am I approaching it totally wrong?
>
> I created a user group called oragrp gid 2001 but the user oracle is creating files with a uid of 2000 and gid of 2000 and not a gid of 2001 which I assume would fix it?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
Hello Steven,
I assume you want to change the oracle user's primary GID, i.e. something like this:
# ipa group-add oragrp --desc "Oracle Group" --gid 2001
--------------------
Added group "oragrp"
--------------------
Group name: oragrp
Description: Oracle Group
GID: 2001
# ipa user-add --first Oracle --last User oracle --noprivate --uid 2000 --gidnumber 2001
-------------------
Added user "oracle"
-------------------
User login: oracle
First name: Oracle
Last name: User
Full name: Oracle User
Display name: Oracle User
Initials: OU
Home directory: /home/oracle
GECOS field: Oracle User
Login shell: /bin/sh
Kerberos principal: oracle@EXAMPLE.COM
Email address: oracle@example.com
UID: 2000
GID: 2001
Password: False
Member of groups: ipausers
Kerberos keys available: False
# su oracle
sh-4.2$ id
uid=2000(oracle) gid=2001(oragrp) groups=2001(oragrp) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
$ touch /tmp/foo
$ ls -la /tmp/foo
-rw-r--r--. 1 oracle oragrp 0 Feb 8 02:28 /tmp/foo
Martin
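
Added example, not part of Martin's reply: a POSIX shell check that reads `id` output and confirms the layout shown above, i.e. that the service account's primary GID is the shared group (2001) and that each additional user has that group as a supplementary group. The users alice and bob, their IDs, and the function names are constructed for illustration; group names are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: audit `id` output against the layout from the reply above.
# oracle/oragrp/2000/2001 come from the thread; alice, bob and their IDs are
# constructed. Assumes group names contain no spaces.

# Print the numeric primary GID from one line of `id` output.
primary_gid() {
    printf '%s\n' "$1" | sed -n 's/^uid=[^ ]* gid=\([0-9][0-9]*\).*/\1/p'
}

# Print the numeric GIDs from the groups= field, one per line.
group_gids() {
    printf '%s\n' "$1" | sed -n 's/.* groups=\([^ ]*\).*/\1/p' |
        tr ',' '\n' | sed 's/(.*//'
}

# Succeed if GID $2 appears in the groups= field of `id` line $1.
has_group() {
    group_gids "$1" | grep -qx "$2"
}

# audit_layout GID SERVICE_ID_LINE [MEMBER_ID_LINE...]
# Prints one line per problem; returns 0 only if none was found.
audit_layout() {
    want=$1; svc=$2; shift 2; bad=0
    got=$(primary_gid "$svc")
    if [ "$got" != "$want" ]; then
        echo "service account: primary GID is ${got:-unknown}, expected $want"
        bad=1
    fi
    for line in "$@"; do
        if ! has_group "$line" "$want"; then
            echo "not a member of GID $want: ${line%% *}"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample input (on a real host: id oracle; id alice; id bob).
SVC_OK='uid=2000(oracle) gid=2001(oragrp) groups=2001(oragrp)'
SVC_PRIVATE='uid=2000(oracle) gid=2000(oracle) groups=2000(oracle)'
ALICE='uid=2010(alice) gid=2010(alice) groups=2010(alice),2001(oragrp)'
BOB='uid=2011(bob) gid=2011(bob) groups=2011(bob)'

audit_layout 2001 "$SVC_OK" "$ALICE" && echo "layout OK"
audit_layout 2001 "$SVC_PRIVATE" "$ALICE" "$BOB" || echo "layout needs fixing"
```

SVC_PRIVATE models the situation in the original question, where the account still has its private group (GID 2000) as primary group and new files therefore carry GID 2000.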